- Iranian hackers accessed two Cal Water systems and leaked 5GB of data
- A poorly secured GPS tool gave attackers a direct path inside Cal Water
- Administrative credentials for seven California districts were published in plaintext online

Tehran-linked threat group Handala has claimed it successfully breached California Water Service and released a 5GB data dump as proof.
Cal Water is one of the largest investor-owned water utilities in the United States, serving millions of residential and commercial customers across California.
Handala described the breach as direct retaliation for recent US military actions in Iran, claiming it could disrupt water access but deliberately chose not to — for now.

How a GPS tool became the entry point

Cybersecurity firm Dataminr analyzed the published data and identified two separate systems that Handala accessed during the breach.
The first was a customer billing database containing names, addresses, phone numbers, account numbers, and payment histories across multiple Cal Water districts.
The second was an internal RTKBase deployment — an open-source GPS base station platform used by field crews maintaining water infrastructure across California.
The RTKBase instance had been running continuously for approximately 783 hours at the time of access, with GPS correction data streaming across seven identified Cal Water districts.
Those districts included Bakersfield, Chico, Salinas, Stockton, Visalia, San Mateo, and a regional engineering segment spread across California.
The researchers believe that the GPS platform was not the end goal — it was the entry point into deeper infrastructure.
The RTKBase web interface was accessible via standard HTTP port 10000 across multiple district locations, making it straightforward for outside actors to…